stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

up
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
devportal-offline / build-offline (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-03 00:10:19 +02:00
parent ea1d58a89b
commit 37cba83708
158 changed files with 147438 additions and 867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/modules/signals/evidence/README.md
View File

@@ -14,11 +14,19 @@ Planned Evidence Locker paths (to fill post-signing):
- `evidence-locker/signals/heuristics/2025-12-01/fixtures/` (golden inputs/outputs)
Pending steps:
1) Sign each artifact with its predicate:
1) Sign each artifact with its predicate (cosign v3.0.2 in `/usr/local/bin`, use `--bundle`; v2.6.0 fallback in `tools/cosign` also works with `--output-signature`):
- `stella.ops/confidenceDecayConfig@v1`
- `stella.ops/unknownsScoringManifest@v1`
- `stella.ops/heuristicCatalog@v1`
Example (replace KEY):
Example (v3, replace KEY):
```bash
cosign sign-blob \
--key cosign.key \
--predicate-type stella.ops/confidenceDecayConfig@v1 \
--bundle confidence_decay_config.sigstore.json \
decay/confidence_decay_config.yaml
```
v2.6.0 fallback (if PATH prefixed with `tools/cosign`):
```bash
cosign sign-blob \
--key cosign.key \
@@ -26,7 +34,9 @@ Pending steps:
--output-signature confidence_decay_config.dsse \
decay/confidence_decay_config.yaml
```
2) Attach SHA256 from `SHA256SUMS` in DSSE headers/annotations.
2) Record SHA256 from `SHA256SUMS` in DSSE annotations (or bundle metadata); keep canonical filenames:
- v3: `confidence_decay_config.sigstore.json`, `unknowns_scoring_manifest.sigstore.json`, `heuristics_catalog.sigstore.json`
- v2 fallback: `.dsse` signatures.
3) Place signed envelopes + checksums in the Evidence Locker paths above; update sprint tracker Delivery Tracker rows 57 and Decisions & Risks with the final URIs.
4) Add signer/approver IDs to the sprint Execution Log once signatures are complete.